Reputation: 97
How to protect connectionstring, especially db password? I've found some examples but it's hard to understand them.
Does anyone have actual code examples? Thanks.
EDIT: Protect against standard users. Basic protection for sa password in connectionString needed.
Upvotes: 1
Views: 672
Reputation: 69250
If the application is to connect directly to the database, then you should regard that connection information as available to the user running the application. You might obfuscate it, yes, but protecting it entirely isn't possible.
You have two options for implementing security:

1. Make sure that there is proper security on the database level so that the user can only perform operations that are okay. That obviously means using another user than sa.
2. Don't access the DB directly from the application, but let the application call a service (a WCF service is simple to get started with) on a server and let that server perform access checks and connect to the database.

No 2. is the most common architectural solution.
Upvotes: 3
Reputation: 48686
You will want to look at this article which discusses encrypting configuration information. The information in the article works with both a web.config file and an app.config file.
For an example of this, try looking at this walkthrough.
Upvotes: 2
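An added example, not part of either answer above: encrypting the connectionStrings section of an app.config in place with the .NET Framework protected-configuration API. The connection string name "AppDb" and the class name are assumptions made for illustration.

```csharp
using System;
using System.Configuration;   // add a reference to System.Configuration.dll

static class ConnectionStringProtector
{
    // DPAPI-backed provider that ships with .NET Framework. It uses the
    // machine-level key by default: the ciphertext is useless on another
    // machine, but code running on this machine can still decrypt it.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in this executable's .config file.
    // Returns true if the section was encrypted by this call.
    // Run once at install time from an account that can write the file.
    public static bool ProtectConnectionStrings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsProtected)
            return false;                      // nothing to do

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }

    static void Main()
    {
        Console.WriteLine(ProtectConnectionStrings()
            ? "connectionStrings section encrypted."
            : "Section missing or already encrypted.");

        // Reading needs no extra code: the section is decrypted transparently.
        // "AppDb" is a hypothetical entry name; it should use a
        // least-privilege database login rather than sa.
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["AppDb"];
        Console.WriteLine(cs == null
            ? "No connection string named AppDb."
            : "Loaded AppDb, provider: " + cs.ProviderName);
    }
}
```

This stops the password from being read by opening the config file in a text editor; it does not change the point made in the first answer that a process running as the application's user can obtain the decrypted value.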